Question

ONLY REALISTIC ANSWERS PLS

QUESTION: 21

A newly hired Chief Information Security Officer (CISO) is reviewing the organization’s security budget from the previous year. The CISO notices $100,000 worth of fines were paid for not properly encrypting outbound email messages. The CISO expects next year’s costs associated with fines to double and the volume of messages to increase by 100%. The organization sent out approximately 25,000 messages per year over the last three years. Given the table below:

Security Product | Hardware price | Installation fee | Cost per message | Throughput | MTBF
---------------- | -------------- | ---------------- | ---------------- | ---------- | -----------
DLP Vendor A     | $50,000        | $25,000          | $1               | 100Mbps    | 10000 hours
DLP Vendor B     | $38,000        | $10,000          | $2               | 50Mbps     | 8000 hours
DLP Vendor C     | $45,000        | $30,000          | $1               | 70Mbps     | 7000 hours
DLP Vendor D     | $40,000        | $60,000          | $0.50            | 100Mbps    | 7000 hours

Which of the following would be BEST for the CISO to include in this year’s budget?

A. A budget line for DLP Vendor A

B. A budget line for DLP Vendor B

C. A budget line for DLP Vendor C

D. A budget line for DLP Vendor D

E. A budget line for paying future fines

QUESTION: 176

An organization has established the following controls matrix:

Category               | Minimum                      | Moderate        | High
---------------------- | ---------------------------- | --------------- | ---------------------
Physical Security      | Cylinder Lock                | Cipher Lock     | Proximity Access Card
Environmental Security | Surge Protector              | UPS             | Generator
Data Security          | Context-Based Authentication | MFA             | FDE
Application Security   | Peer Review                  | Static Analysis | Penetration Testing
Logical Security       | HIDS                         | NIDS            | NIPS

The following control sets have been defined by the organization and are applied in aggregate fashion:

Systems containing PII are protected with the minimum control set.

Systems containing medical data are protected at the moderate level.

Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?

A. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.

B. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.

C. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.

D. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.

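For Question 21, the comparison the CISO has to make can be worked through from the figures in the table. The following is an added example (not part of the original post or of any vendor's material) that projects next year's message volume and fines from the numbers stated in the question and computes a first-year cost for each option; the cost model (hardware + installation + per-message fee times projected volume) and the tie-break rule (higher MTBF, then higher throughput) are this example's assumptions about how the table is meant to be read, not something the question states.

```python
"""Added worked example: first-year cost of each DLP option in the question's
table versus the projected fines. All figures are transcribed from the question;
the cost model and tie-break rule are assumptions of this example."""

from dataclasses import dataclass


@dataclass(frozen=True)
class DlpOption:
    name: str
    hardware: float          # one-off hardware price
    installation: float      # one-off installation fee
    cost_per_message: float  # per-message operating cost
    throughput_mbps: int
    mtbf_hours: int


# Figures transcribed from the question's table.
VENDORS = [
    DlpOption("DLP Vendor A", 50_000, 25_000, 1.00, 100, 10_000),
    DlpOption("DLP Vendor B", 38_000, 10_000, 2.00, 50, 8_000),
    DlpOption("DLP Vendor C", 45_000, 30_000, 1.00, 70, 7_000),
    DlpOption("DLP Vendor D", 40_000, 60_000, 0.50, 100, 7_000),
]

LAST_YEAR_FINES = 100_000      # fines paid last year, from the question
LAST_YEAR_MESSAGES = 25_000    # messages per year, from the question


def projected_messages(last_year: int, growth: float = 1.0) -> int:
    """Volume after the stated growth (a 100% increase is growth factor 1.0)."""
    return int(last_year * (1 + growth))


def projected_fines(last_year: float, multiplier: float = 2.0) -> float:
    """Fines expected next year (the question says they will double)."""
    return last_year * multiplier


def first_year_cost(option: DlpOption, messages: int) -> float:
    """Capital + installation + per-message operating cost for one year
    (assumed cost model for this example)."""
    return option.hardware + option.installation + option.cost_per_message * messages


def compare(vendors, messages: int, fines: float) -> dict:
    """Return {option name: first-year cost}, including the do-nothing option."""
    costs = {v.name: first_year_cost(v, messages) for v in vendors}
    costs["Pay future fines"] = fines
    return costs


def cheapest(costs: dict) -> list:
    """Names sharing the lowest cost, sorted, so ties are visible rather than hidden."""
    low = min(costs.values())
    return sorted(name for name, cost in costs.items() if cost == low)


def rank(vendors, messages: int) -> list:
    """Rank DLP options by first-year cost, breaking ties by higher MTBF and then
    higher throughput (tie-break rule is this example's assumption)."""
    return sorted(
        vendors,
        key=lambda v: (first_year_cost(v, messages), -v.mtbf_hours, -v.throughput_mbps),
    )


if __name__ == "__main__":
    msgs = projected_messages(LAST_YEAR_MESSAGES)
    fines = projected_fines(LAST_YEAR_FINES)
    print(f"projected messages: {msgs:,}   projected fines: ${fines:,.0f}")
    for name, cost in compare(VENDORS, msgs, fines).items():
        print(f"{name:18s} ${cost:>10,.2f}")
    print("lowest cost:", cheapest(compare(VENDORS, msgs, fines)))
    print("ranked:", [v.name for v in rank(VENDORS, msgs)])
```

Running it shows that three vendors land on the same first-year cost, which is why `cheapest` deliberately returns every tied name instead of an arbitrary winner; when cost alone does not separate options, the remaining columns (MTBF as an availability proxy, throughput as a capacity check against the mail volume) are what an analyst would turn to next, and `rank` makes that tie-break explicit and adjustable.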
Answer #1

Solution for 1: Option E: A budget line for paying future fines, since the fine will double and the volume of messages will also increase.

Solution for 2: Option A: Since the company wants to secure its database, techniques such as full-disk encryption for the database server are important because the database contains medical and PII data. However, in a few cases, techniques such as intrusion detection and cipher locks can be integrated and employed.
